From e3573828fdf4cec810eba440f7c2f9c92399100e Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 10 Sep 2025 14:24:38 -0700 Subject: [PATCH 1/6] fix(ci): `update-stores` to also update the internal `cmd/store-types.json` file. Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- .github/workflows/update-stores.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-stores.yml b/.github/workflows/update-stores.yml index 63d3834..a1d6d73 100644 --- a/.github/workflows/update-stores.yml +++ b/.github/workflows/update-stores.yml @@ -103,6 +103,7 @@ jobs: run: | python main.py --repo-name ${{ env.KFUTIL_ARG }} --ref ${{ env.TARGET_REPO_BRANCH }} cat store_types.json + cp -f store_types.json cmd/store_types.json env: GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }} @@ -134,6 +135,7 @@ jobs: run: | echo "Saving original store_types.json as store_types.sav.json" cp -f ./tools/store-type-merge/store_types.json ./merge-folder/store_types.json + cp -f ./tools/store-type-merge/store_types.json ./merge-folder/cmd/store_types.json # this necessary? # Diff the new json against the saved copy and set an UPDATE_FILE variable - name: Diff the results @@ -154,7 +156,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} with: - add: store_types.json --force + add: store_types.json cmd/store_types.json --force message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} author_name: Keyfactor author_email: keyfactor@keyfactor.github.io @@ -167,7 +169,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} with: - add: store_types.json --force + add: store_types.json cmd/store_types.json --force message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} author_name: Keyfactor author_email: keyfactor@keyfactor.github.io From 069e1c2f414572edd4d6dddf6f98fa46bdf2cc50 Mon Sep 17 00:00:00 2001 
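Review bot: The `run:` script in this hunk expands `${{ env.KFUTIL_ARG }}` and `${{ env.TARGET_REPO_BRANCH }}` straight into the shell text, in a step that also has `secrets.V2BUILDTOKEN` in its environment. Where those two values are set is outside the hunk; if either can come from a dispatch input or another caller-controlled field, shell metacharacters in it would be interpreted by the runner instead of being passed to `main.py` as data. Since both are read from the `env` context, the shell should already see them as variables, so the line can read `python main.py --repo-name "$KFUTIL_ARG" --ref "$TARGET_REPO_BRANCH"`. The same line is carried unchanged through the later hunks of this file in patches 3/6, 4/6 and 6/6.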
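Review bot: The added copy into `./merge-folder/cmd/store_types.json` still carries the open question `# this necessary?`, and nothing in this hunk creates or checks the `cmd` directory it writes to. Replace the question with a comment that states why both copies are kept, for example `# keep the internal cmd/ copy identical to the root store_types.json`. The "Diff the results" step that follows starts outside this hunk; if it compares only the root file, it is worth confirming that a stale `cmd/` copy on its own still sets `UPDATE_FILE`. The `echo` text also names `store_types.sav.json` while the commands write `store_types.json`.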
From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 10 Sep 2025 14:25:38 -0700 Subject: [PATCH 2/6] chore(store-types): Update internal store-types with latest data and internal version to `1.8.4` Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- pkg/version/version.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/version/version.go b/pkg/version/version.go index 7532f44..85a1ebe 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -15,7 +15,7 @@ package version var ( - VERSION = "1.8.3" - BUILD_DATE = "2025-08-14" + VERSION = "1.8.4" + BUILD_DATE = "2025-09-10" COMMIT = "HEAD" ) From b19462b219444bc8190f9df92ba47da49065b8a7 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 10 Sep 2025 14:35:24 -0700 Subject: [PATCH 3/6] chore(ci): Don't `cat` the store-types.json after running python script. Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- .github/workflows/update-stores.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-stores.yml b/.github/workflows/update-stores.yml index a1d6d73..a711f17 100644 --- a/.github/workflows/update-stores.yml +++ b/.github/workflows/update-stores.yml @@ -102,8 +102,11 @@ jobs: working-directory: ./tools/store-type-merge run: | python main.py --repo-name ${{ env.KFUTIL_ARG }} --ref ${{ env.TARGET_REPO_BRANCH }} - cat store_types.json - cp -f store_types.json cmd/store_types.json + pwd + ls -la + ls -la ../ + ls -la ../../ + cp -f store_types.json ../../cmd/store_types.json env: GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }} From 581a304bf406dee339de9a31601d51e76d9d53f9 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 10 Sep 2025 14:38:22 -0700 Subject: [PATCH 4/6] fix(ci): Generate PR into caller branch for store-type updates. 
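Review bot: The added `pwd` and three `ls -la` lines in the update-stores.yml hunk are debugging output that the commit subject does not mention, while the one functional change, the corrected target `../../cmd/store_types.json`, goes unexplained. That path only resolves relative to `working-directory: ./tools/store-type-merge`, so a short comment such as `# copy to <repo root>/cmd; paths are relative to tools/store-type-merge` would keep the two from drifting apart. The directory listings are better dropped before merge, as they add noise to every run's log.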
Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- .github/workflows/update-stores.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/update-stores.yml b/.github/workflows/update-stores.yml index a711f17..7967dd1 100644 --- a/.github/workflows/update-stores.yml +++ b/.github/workflows/update-stores.yml @@ -69,6 +69,7 @@ jobs: repository: 'keyfactor/kfutil' sparse-checkout: | .github + cmd path: './merge-folder/' token: ${{ secrets.V2BUILDTOKEN }} ref: '${{env.KFUTIL_ARG}}' @@ -81,6 +82,7 @@ jobs: repository: 'keyfactor/kfutil' sparse-checkout: | .github + cmd path: './merge-folder/' token: ${{ secrets.V2BUILDTOKEN }} @@ -102,11 +104,6 @@ jobs: working-directory: ./tools/store-type-merge run: | python main.py --repo-name ${{ env.KFUTIL_ARG }} --ref ${{ env.TARGET_REPO_BRANCH }} - pwd - ls -la - ls -la ../ - ls -la ../../ - cp -f store_types.json ../../cmd/store_types.json env: GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }} @@ -138,7 +135,10 @@ jobs: run: | echo "Saving original store_types.json as store_types.sav.json" cp -f ./tools/store-type-merge/store_types.json ./merge-folder/store_types.json + mkdir -p ./merge-folder/cmd || true cp -f ./tools/store-type-merge/store_types.json ./merge-folder/cmd/store_types.json # this necessary? + ls -la ./merge-folder/ + ls -la ./merge-folder/cmd/ # Diff the new json against the saved copy and set an UPDATE_FILE variable - name: Diff the results @@ -159,7 +159,9 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} with: - add: store_types.json cmd/store_types.json --force + add: | + store_types.json + ./cmd/store_types.json --force message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} author_name: Keyfactor author_email: keyfactor@keyfactor.github.io 
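Review bot: `mkdir -p ./merge-folder/cmd || true` in the `-135,7 +138,10` hunk hides the one failure that matters: `-p` already succeeds when the directory exists, so `|| true` only swallows real errors such as a permission problem, and the `cp` on the next line then fails with a less useful message. Use plain `mkdir -p ./merge-folder/cmd`. The two `ls -la` lines look like leftover debugging, and the `# this necessary?` question on the `cp` line is still unanswered. The identical hunk appears again in patch 6/6.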
@@ -172,7 +174,9 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} with: - add: store_types.json cmd/store_types.json --force + add: | + store_types.json + ./cmd/store_types.json --force message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} author_name: Keyfactor author_email: keyfactor@keyfactor.github.io @@ -187,7 +191,7 @@ jobs: console.log("Commit to ${{env.KFUTIL_ARG}} for PR") const owner = context.repo.owner; const repo = context.repo.repo; - const baseBranch = 'main'; + const baseBranch = context.ref.replace('refs/heads/', 'main'); // Default base branch is main const newBranch = '${{env.KFUTIL_ARG}}'; const response = await github.rest.pulls.create({ owner, From 2bcb76a117de336fc8496d4c55727be5fa456e7a Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Wed, 10 Sep 2025 22:14:29 +0000 Subject: [PATCH 5/6] Update store_types.json for all:latest --- cmd/store_types.json | 317 ++++++++++++++++++++++++++++++++++++++++++- store_types.json | 317 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 632 insertions(+), 2 deletions(-) diff --git a/cmd/store_types.json b/cmd/store_types.json index 0439fb1..6fac9af 100644 --- a/cmd/store_types.json +++ b/cmd/store_types.json 
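Review bot: `context.ref.replace('refs/heads/', 'main')` in the `-187,7 +191,7` hunk substitutes the prefix with the text `main` instead of removing it, so a run on `refs/heads/release` yields `mainrelease` as the PR base, a branch that most likely does not exist. The trailing comment suggests `main` was meant as a fallback, which would read `const baseBranch = context.ref.startsWith('refs/heads/') ? context.ref.slice('refs/heads/'.length) : 'main';`. Patch 6/6 in this series rewrites the same line. The script body continues outside the hunk.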
@@ -421,6 +421,34 @@ "ClientMachineDescription": "This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth.", "StorePathDescription": "A single specified AWS Region the store will operate in. Additional regions should get their own store defined." }, + { + "Name": "Airlock Application Firewall Certificate", + "ShortName": "AirlockWAF", + "Capability": "AirlockWAF", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": true, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Allowed" + }, { "Name": "Akamai Certificate Provisioning Service", "ShortName": "Akamai", @@ -2086,7 +2114,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "One to many comma delimited F5 SSL Profile names the certificate is bound to" + "Description": "One to many comma delimited F5 SSL Profiles to bind the certificate to (new certificates ONLY)" } ] }, 
@@ -3618,6 +3646,51 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden" }, + { + "Name": "MyOrchestratorStoreType", + "ShortName": "MOST", + "Capability": "MOST", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "CustomField1", + "DisplayName": "CustomField1", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": true + }, + { + "Name": "CustomField2", + "DisplayName": "CustomField2", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": true + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" + }, { "Name": "Nmap Orchestrator", "ShortName": "Nmap", 
@@ -3647,6 +3720,135 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Optional" }, + { + "Name": "OktaApp", + "ShortName": "OktaApp", + "LocalStore": false, + "StorePathDescription": "This should contain the Okta App ID (please see overview for description).", + "ClientMachineDescription": "This should contain your Okta URL (e.g. https://trial-1111.okta.com).", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "Name": "DefaultValidityYears", + "DisplayName": "DefaultValidityYears", + "Type": "String", + "DependsOn": null, + "DefaultValue": "1", + "Required": true, + "Description": "Number of years the certificate will be valid for by default. Required by Okta." + } + ], + "EntryParameters": [ + { + "Name": "SANList", + "DisplayName": "SANList", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "This is a comma-separated list of Subject Alternative Names (SANs) to be included in the certificate. Required by Okta. Must contain at least one SAN." + }, + { + "Name": "ActivateCredential", + "DisplayName": "ActivateCredential", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "false", + "Options": "", + "Description": "This is a boolean indicating whether to activate the certificate in Okta after reenrollment/ODKG." 
+ } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "CustomAliasAllowed": "Forbidden" + }, + { + "Name": "OktaIdP", + "ShortName": "OktaIdP", + "StorePathDescription": "This should contain the Okta IdP ID (please see overview for description).", + "ClientMachineDescription": "This should contain your Okta URL (e.g. https://trial-1111.okta.com).", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "Name": "DefaultValidityYears", + "DisplayName": "DefaultValidityYears", + "Type": "String", + "DependsOn": null, + "DefaultValue": "1", + "Required": true, + "Description": "Number of years the certificate will be valid for by default. Required by Okta." + } + ], + "EntryParameters": [ + { + "Name": "SANList", + "DisplayName": "SANList", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "This is a comma-separated list of Subject Alternative Names (SANs) to be included in the certificate. Required by Okta. Must contain at least one SAN." + }, + { + "Name": "ActivateCredential", + "DisplayName": "ActivateCredential", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "true", + "Options": "", + "Description": "This is a boolean indicating whether to activate the certificate in Okta after reenrollment/ODKG." + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "CustomAliasAllowed": "Forbidden" + }, { "Name": "PaloAlto", "ShortName": "PaloAlto", 
@@ -4474,6 +4676,119 @@ "ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.", "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'." }, + { + "Name": "Sample Orchestrator Solution", + "ShortName": "SOS", + "Capability": "SOS", + "LocalStore": false, + "StorePathDescription": "Path points to a local .json file. Orchestrator and its account should have read/write access.", + "ClientMachineDescription": "Runs on a Windows based machine.", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "Properties": [ + { + "Name": "StoreNameString", + "DisplayName": "Store Name", + "Type": "String", + "Required": false, + "Description": "The Store name for the particular SOS store." + }, + { + "Name": "ForTestingOnlyBool", + "DisplayName": "For Testing Only", + "Type": "Bool", + "DefaultValue": "true", + "Required": false, + "Description": "Test bool variable." + }, + { + "Name": "CollectionNameMultipleChoice", + "DisplayName": "Collection Name", + "Type": "MultipleChoice", + "DefaultValue": "internal", + "Options": "internal,public,single use,ssl", + "Required": true, + "Description": "A test collection." + }, + { + "Name": "PrivateDetailsSecret", + "DisplayName": "Private Details", + "Type": "Secret", + "Required": false, + "DefaultValue": "test", + "Description": "A test secret." 
+ } + ], + "EntryParameters": [ + { + "Name": "CommaSeparatedSansString", + "DisplayName": "SANs", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Description": "SAN string." + }, + { + "Name": "CertColorMultipleChoice", + "DisplayName": "Certificate Color", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "red", + "Options": "red,green,blue,orange", + "Description": "A test variable with multiple choice." + }, + { + "Name": "ForTestingOnlyBool", + "DisplayName": "For Testing Only", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": true, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "true", + "Description": "Another test boolean." + }, + { + "Name": "PrivateCertDetailsSecret", + "DisplayName": "Private Cert Details", + "Type": "Secret", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "test", + "Description": "A per cert secret." + } + ], + "PasswordOptions": { + "EntrySupported": true, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Optional" + }, { "Name": "Signum", "ShortName": "Signum", diff --git a/store_types.json b/store_types.json index 0439fb1..6fac9af 100644 --- a/store_types.json +++ b/store_types.json 
@@ -421,6 +421,34 @@ "ClientMachineDescription": "This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth.", "StorePathDescription": "A single specified AWS Region the store will operate in. Additional regions should get their own store defined." }, + { + "Name": "Airlock Application Firewall Certificate", + "ShortName": "AirlockWAF", + "Capability": "AirlockWAF", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": true, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Allowed" + }, { "Name": "Akamai Certificate Provisioning Service", "ShortName": "Akamai", @@ -2086,7 +2114,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "One to many comma delimited F5 SSL Profile names the certificate is bound to" + "Description": "One to many comma delimited F5 SSL Profiles to bind the certificate to (new certificates ONLY)" } ] }, 
@@ -3618,6 +3646,51 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden" }, + { + "Name": "MyOrchestratorStoreType", + "ShortName": "MOST", + "Capability": "MOST", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "CustomField1", + "DisplayName": "CustomField1", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": true + }, + { + "Name": "CustomField2", + "DisplayName": "CustomField2", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": true + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" + }, { "Name": "Nmap Orchestrator", "ShortName": "Nmap", 
@@ -3647,6 +3720,135 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Optional" }, + { + "Name": "OktaApp", + "ShortName": "OktaApp", + "LocalStore": false, + "StorePathDescription": "This should contain the Okta App ID (please see overview for description).", + "ClientMachineDescription": "This should contain your Okta URL (e.g. https://trial-1111.okta.com).", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "Name": "DefaultValidityYears", + "DisplayName": "DefaultValidityYears", + "Type": "String", + "DependsOn": null, + "DefaultValue": "1", + "Required": true, + "Description": "Number of years the certificate will be valid for by default. Required by Okta." + } + ], + "EntryParameters": [ + { + "Name": "SANList", + "DisplayName": "SANList", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "This is a comma-separated list of Subject Alternative Names (SANs) to be included in the certificate. Required by Okta. Must contain at least one SAN." + }, + { + "Name": "ActivateCredential", + "DisplayName": "ActivateCredential", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "false", + "Options": "", + "Description": "This is a boolean indicating whether to activate the certificate in Okta after reenrollment/ODKG." 
+ } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "CustomAliasAllowed": "Forbidden" + }, + { + "Name": "OktaIdP", + "ShortName": "OktaIdP", + "StorePathDescription": "This should contain the Okta IdP ID (please see overview for description).", + "ClientMachineDescription": "This should contain your Okta URL (e.g. https://trial-1111.okta.com).", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "Name": "DefaultValidityYears", + "DisplayName": "DefaultValidityYears", + "Type": "String", + "DependsOn": null, + "DefaultValue": "1", + "Required": true, + "Description": "Number of years the certificate will be valid for by default. Required by Okta." + } + ], + "EntryParameters": [ + { + "Name": "SANList", + "DisplayName": "SANList", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "This is a comma-separated list of Subject Alternative Names (SANs) to be included in the certificate. Required by Okta. Must contain at least one SAN." + }, + { + "Name": "ActivateCredential", + "DisplayName": "ActivateCredential", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "true", + "Options": "", + "Description": "This is a boolean indicating whether to activate the certificate in Okta after reenrollment/ODKG." + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "CustomAliasAllowed": "Forbidden" + }, { "Name": "PaloAlto", "ShortName": "PaloAlto", 
@@ -4474,6 +4676,119 @@ "ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.", "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'." }, + { + "Name": "Sample Orchestrator Solution", + "ShortName": "SOS", + "Capability": "SOS", + "LocalStore": false, + "StorePathDescription": "Path points to a local .json file. Orchestrator and its account should have read/write access.", + "ClientMachineDescription": "Runs on a Windows based machine.", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "Properties": [ + { + "Name": "StoreNameString", + "DisplayName": "Store Name", + "Type": "String", + "Required": false, + "Description": "The Store name for the particular SOS store." + }, + { + "Name": "ForTestingOnlyBool", + "DisplayName": "For Testing Only", + "Type": "Bool", + "DefaultValue": "true", + "Required": false, + "Description": "Test bool variable." + }, + { + "Name": "CollectionNameMultipleChoice", + "DisplayName": "Collection Name", + "Type": "MultipleChoice", + "DefaultValue": "internal", + "Options": "internal,public,single use,ssl", + "Required": true, + "Description": "A test collection." + }, + { + "Name": "PrivateDetailsSecret", + "DisplayName": "Private Details", + "Type": "Secret", + "Required": false, + "DefaultValue": "test", + "Description": "A test secret." 
+ } + ], + "EntryParameters": [ + { + "Name": "CommaSeparatedSansString", + "DisplayName": "SANs", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Description": "SAN string." + }, + { + "Name": "CertColorMultipleChoice", + "DisplayName": "Certificate Color", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "red", + "Options": "red,green,blue,orange", + "Description": "A test variable with multiple choice." + }, + { + "Name": "ForTestingOnlyBool", + "DisplayName": "For Testing Only", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": true, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "true", + "Description": "Another test boolean." + }, + { + "Name": "PrivateCertDetailsSecret", + "DisplayName": "Private Cert Details", + "Type": "Secret", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "test", + "Description": "A per cert secret." + } + ], + "PasswordOptions": { + "EntrySupported": true, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Optional" + }, { "Name": "Signum", "ShortName": "Signum", From ecd705a62d701694995a7d6c426bb101b0084694 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 10 Sep 2025 14:38:22 -0700 Subject: [PATCH 6/6] fix(ci): Generate PR into caller branch for store-type updates. Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- .github/workflows/update-stores.yml | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) 
diff --git a/.github/workflows/update-stores.yml b/.github/workflows/update-stores.yml index a711f17..c4b53b1 100644 --- a/.github/workflows/update-stores.yml +++ b/.github/workflows/update-stores.yml @@ -69,6 +69,7 @@ jobs: repository: 'keyfactor/kfutil' sparse-checkout: | .github + cmd path: './merge-folder/' token: ${{ secrets.V2BUILDTOKEN }} ref: '${{env.KFUTIL_ARG}}' @@ -81,6 +82,7 @@ jobs: repository: 'keyfactor/kfutil' sparse-checkout: | .github + cmd path: './merge-folder/' token: ${{ secrets.V2BUILDTOKEN }} @@ -102,11 +104,6 @@ jobs: working-directory: ./tools/store-type-merge run: | python main.py --repo-name ${{ env.KFUTIL_ARG }} --ref ${{ env.TARGET_REPO_BRANCH }} - pwd - ls -la - ls -la ../ - ls -la ../../ - cp -f store_types.json ../../cmd/store_types.json env: GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }} @@ -138,7 +135,10 @@ jobs: run: | echo "Saving original store_types.json as store_types.sav.json" cp -f ./tools/store-type-merge/store_types.json ./merge-folder/store_types.json + mkdir -p ./merge-folder/cmd || true cp -f ./tools/store-type-merge/store_types.json ./merge-folder/cmd/store_types.json # this necessary? + ls -la ./merge-folder/ + ls -la ./merge-folder/cmd/ # Diff the new json against the saved copy and set an UPDATE_FILE variable - name: Diff the results @@ -159,7 +159,9 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} with: - add: store_types.json cmd/store_types.json --force + add: | + store_types.json + ./cmd/store_types.json --force message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} author_name: Keyfactor author_email: keyfactor@keyfactor.github.io @@ -172,7 +174,9 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} with: - add: store_types.json cmd/store_types.json --force + add: | + store_types.json + ./cmd/store_types.json --force message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} author_name: Keyfactor author_email: keyfactor@keyfactor.github.io 
@@ -187,7 +191,13 @@ jobs: console.log("Commit to ${{env.KFUTIL_ARG}} for PR") const owner = context.repo.owner; const repo = context.repo.repo; - const baseBranch = 'main'; + + // Get the current branch name that the workflow is running on + const baseBranch = context.payload.ref ? + context.payload.ref.replace('refs/heads/', '') : 'main'; + + console.log(`Base branch for PR: ${baseBranch}`); + const newBranch = '${{env.KFUTIL_ARG}}'; const response = await github.rest.pulls.create({ owner,
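Review bot: The script still receives `${{env.KFUTIL_ARG}}` by text substitution, in `console.log("Commit to ${{env.KFUTIL_ARG}} for PR")` and `const newBranch = '${{env.KFUTIL_ARG}}';`, so a quote character in that value changes the JavaScript that this step executes. Where the value is set is outside the hunk; reading it at run time avoids the question: `const newBranch = process.env.KFUTIL_ARG;`. In the new `baseBranch` logic, a ref that is not under `refs/heads/` (a tag, for instance) passes through `replace` unchanged and is handed to `pulls.create` as the base, so testing `startsWith('refs/heads/')` before stripping would let the `'main'` fallback cover that case too. The same two interpolated lines appear in the corresponding hunk of patch 4/6, and the script body continues outside the hunk.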